Press releases

Press releases

The Intelligence and Security Committee (ISC) today released the results of their inquiry into GCHQ's surveillance.

Open Rights Group has responded to the Intelligence and Security Committee’s report into Security and Privacy.Executive Director, Jim Killock said:“The ISC's report should have apologised to the nation for their failure to inform Parliament about how far GCHQ’s powers have grown. This report fails to address any of the key questions apart from the need to reform our out-of-date surveillance laws. This just confirms that the ISC lacks the sufficient independence and expertise to hold the agencies to account."A report published by Open Rights Group, has called for the reform of oversight mechanisms, including the Intelligence and Security Committee, so that they are truly independent, accountable to Parliament and have sufficient technical expertise to tackle the technical, legal and ethical issues around surveillance. We also call for reform of the laws that allow surveillance to be replaced by new comprehensive surveillance legislation that complies with human rights law and reflects the current technical landscape. These would mean:

Targeted surveillance not mass surveillance

Prior judicial authorisation for all surveillance decisions

Increasing the legal protection for communications data so that it is the same as for the content of communications

Ending statutory definitions that are out outdated in the digital age – such as the current distinctions between 'internal' and ‘external' communications.

Deputy First Minister John Swinney today failed to address the concerns of privacy campaigners over Scottish government proposals to expand Scotland’s NHS Central Register. Leader of the Green party MSP Patrick Harvie had asked the Minister about concerns raised by the Open Rights Group (ORG) that the proposals could pave the way for a national ID register in Scotland.

Executive Director of ORG, Jim Killock said:

’The Minister claims that they are not creating a new database but they are converting the NHS database into a national identity register. He did not explain why there is a need to create a unique identifier to be used across government databases. This is the crucial question that the Scottish Government must answer.'

About the proposals

The National Health Service Central Register (NHSCR) currently holds the names and addresses of around 30% of Scottish residents. Under the proposals, each resident would also be given a unique citizen reference number (UCRN). This number and the data would be made available to around 100 public organisations across Scotland. These range widely in their remit from health, housing, education and the police to Glasgow Airport and the Forestry Commission. The UCRN could be used to track individuals across different public services.

A unique identifier would allow the bulk processing of vast amounts of personal data across agencies, using the UCRN. This would enable data mining, profiling or other techniques that would require the whole population’s personal information to be examined more or less simultaneously. The consultation is not clear about these activities. It also doesn’t appear to take into account the many risks that such a database could pose - it could be open to misuse for identity theft or tracking people who for their own security don’t want to be traced - for example victims of domestic violence.

ORG believes that these are significant changes that would pave the way for a national ID register and put responsibility for such an important database in the hands of National Records Scotland and the NHS.

We believe that any proposals on this scale should be introduced as primary legislation not as statutory instruments, which would allow a proper public and parliamentary debate.

For more information:

FAQs about the proposals: https://scotland.openrightsgroup.org/policy/2015/02/19/the-scottish-national-id-database-your-questions-answered/

ORG’s full response to the consultation: https://scotland.openrightsgroup.org/policy/2015/02/02/a-national-id-system-by-the-backdoor:-thenhscr-scotland-consultation/

How people can contact their MSPs about the proposals: https://www.openrightsgroup.org/campaigns/stop-scottish-id-database

The NHS Central Register consultation is open to the public until February 25: http://www.scotland.gov.uk/Publications/2014/12/5990

Government proposals to expand the National Health Service Central Register (NHSCR) will pave the way for a national ID register in Scotland. The proposals have been made public in a little-known consultation that closes at the end of February. Digital rights campaigners, the Open Rights Group (ORG) believe that the consultation is flawed, misleading and could fundamentally change the relationship between citizen and state.

Open Rights Group Executive Director, Jim Killock said:

“Government proposals that jeopardise our right to privacy need proper consideration. The SNP rejected a national ID register when the UK government tried to introduce ID cards. These proposals could pave the way for a similar scheme in Scotland and are being introduced without a proper debate by the public or MSPs. ”

Most Scottish citizens already have a unique identity number in the NHS system. This plan is to share this unique identifier with up to 120 other Scottish public bodies - including Glasgow Airport, the Royal Botanical Gardens and the Caledonian Maritime Assets Ltd. Scottish residents could then be tracked across all their interactions with public bodies, including your benefits, bus pass travel or library usage.

ORG believes that this is building an ID card system in Scotland and that any such changes should be introduced as primary legislation, which would allow a proper public and parliamentary debate.

ORG has published its response to the consultation here: https://scotland.openrightsgroup.org/policy/2015/02/02/a-national-id-system-by-the-backdoor:-thenhscr-scotland-consultation/

ORG is also urging its supporters in Scotland to contact their MSPs about the proposals: https://scotland.openrightsgroup.org/campaigns/stop-scottish-id-database

Open Rights Group strongly welcomes the highly significant ruling, which is the first time the IPT has found the UK’s intelligence services to be in breach of human rights law.

However, the finding relates to historic practices only. The IPT has already said it believes intelligence sharing is currently lawful, since the disclosure of the secret policies during the IPT proceedings. In the same December judgment, the IPT also found that GCHQ’s TEMPORA programme of mass surveillance is in accordance with the law.

Elizabeth Knight, Legal Director at Open Rights Group commented,

“This ruling is a very welcome first step. It shows that secret polices are not an acceptable basis for highly intrusive intelligence sharing practices. However, the IPT has not gone far enough. These flimsy policies are not enough to comply with the requirements of human rights law, even now they are public. And GCHQ’s own TEMPORA programme of mass interception is clearly both unlawful and disproportionate. We hope the European Court of Human Rights will go further than the IPT and find that mass surveillance breaches our human right to privacy.”

Open Rights Group has an application pending at the European Court of Human Rights, which challenges both intelligence sharing and GCHQ’s TEMPORA programme based on non-specific, blanket warrants. The case, brought along with Big Brother Watch, English PEN and Constanze Kurz, has been on hold awaiting the outcome of the IPT case. The case will soon proceed now the IPT has given its ruling.

Open Rights Group has called on the Prime Minister to provide more details about his plans to give the security services the legal powers to break encrypted communications.

Executive Director Jim Killock said:

'Cameron’s plans appear dangerous, ill-thought out and scary. Having the power to undermine encryption will have consequences for everyone’s personal security. It could affect not only our personal communications but also the security of sensitive information such as bank records, making us all more vulnerable to criminal attacks.’

A judicial review of the Data Retention and Investigatory Powers Act (DRIPA) has been granted permission by Mr Justice Lewis in the High Court today. Open Rights Group (ORG) and Privacy International (PI) intervened in the case, which was brought by Tom Watson MP and David Davis MP, represented by Liberty. ORG and PI have now been given permission to make further submissions in advance of the next hearing.

Legal Director Elizabeth Knight said:

“After the Court of Justice of the EU declared the Data Retention Directive invalid, the UK government had the opportunity to design new legislation that would protect human rights. It chose instead to circumvent the decision of the CJEU by introducing the Data Retention and Investigatory Powers Act (DRIPA), which is almost identical to the Data Retention Directive.

Through our submission, we hope to help demonstrate that DRIPA breaches our fundamental human right to privacy and does not comply with human rights and EU law."

ORG's submission addresses the EU data protection regime in place before the Data Retention Directive (in particular the Data Protection Directive, the E-privacy Directive and the E-Commerce Directive) and why we consider DRIPA does not comply with the requirements of the regime in light of the clear guidance from the CJEU.

About the judicial review: On 22 July Tom Watson MP and David Davis MP announced that they were pursuing judicial review proceedings, on the grounds of on Article 8 ECHR and Articles 7 and 8 European Charter of Fundamental Rights. They are represented by Liberty. Permission was granted by the High Court (Administrative Court) today, which means that the case will proceed to a substantive hearing.

“Despite the Court of Justice of the European Union ruling that blanket data retention interferes with our right to privacy, the government is expanding the amount of personal information that companies are forced to keep. Rather than rushing through counter-terror legislation, as they rushed through DRIPA, politicians need to ask whether pervasive whole population profiling is justified. Undoubtedly surveillance must be used to tackle the the threat of terrorism but it should be targeted and proportionate.”

On proposals to record IP addresses and port numbers, Killock added:

"In expecting companies to spend millions on recording IP addresses, they are embedding DRIPA and RIPA, both of which are supposed to be reviewed in just over 12 months. They are also dealing with a problem that exists because the mobile companies continue to rely on out of date technology that means hundreds of people use the same IP addresses. The government ought to be asking providers to invest in IPv6, rather than upgrading their current, limited technology, just for the purposes of further logging our movements. "

ORG has also pointed out that parts of the legislation aimed at preventing extremism in educational and other institutions, “are so open-ended that they could easily lead to work-place surveillance, where employers would be obliged by guidelines to check their employees’ email and web history.”

Reacting to today’s ISC report, the Open Rights Group said that their report into Lee Rigby's murder is misleading. Executive Director Jim Killock said:

“When the intelligence services are gathering data about every one of us but failing to act on intelligence about individuals, they need to get back to basics, and look at the way they conduct targeted investigations.

“The committee should not use the appalling murder of Fusilier Rigby as an excuse to justify the further surveillance and monitoring of the entire UK population. To pass the blame to internet companies is to use Fusilier Rigby’s murder to make cheap political points.

“The committee is particularly misleading when it implies that US companies do not co-operate, and it is quite extraordinary to demand that companies pro-actively monitor email content for suspicious material. Internet companies cannot and must not become an arm of the surveillance state.

“As the report admits, ‘lone wolf attacks’ are almost impossible to predict - and therefore difficult to prevent. The security services should focus their efforts on the targeted surveillance of individuals like Michael Adebolajo rather than continuing to monitor every citizen in the UK.

“Mass surveillance erodes the basic trust between citizen and state by treating us all as suspects. If the government keeps finding new ways to justify indiscriminate whole population trawls, it will be fair to say that we have lost our liberty and the terrorists have won.”

Open Rights Group has responded to a report by Channel 4 News that Cable & Wireless allowed GCHQ to scoop up the private communications of millions of people around the world.

Executive Director Jim Killock said:

"Tech companies are hiding their role in enabling blanket collection. It's time for them to come clean and tell us how they work with the security services and how much of our data they have shared. UK warrants are simply not designed to allow everyone's data to be collected, all of the time. They are meant to permit targeted collection."

He added:

"We are being denied a democratic debate. Parliament needs to decide on the limits of the law through a full debate on our broken surveillance regime.”

At their annual conference, ORGCon14, Open Rights Group (ORG) have called on politicians to address surveillance by the police and security services in their manifestos for May's General Election. The digital campaigners believe that a big increase in ORG's membership over the last year and a half shows that surveillance is becoming a key issue for voters. They are calling on political parties to state their policies so that the electorate can make an informed choice about who will protect their rights to privacy and free speech.

ORG’s Executive Director Jim Killock said:

“The Government has failed to debate the issues but we know that the public wants and needs to hear about what is happening with privacy and free speech online.”

Speakers at the conference included the Liberal Democrat MP for Cambridge Julian Huppert, who urged delegates to apply pressure on MP candidates in the run up to the General Election. He said: “There is a profound problem with politicians. A lot just don't get it [digital issues] so take very simplistic views....Fear is incredibly powerful and you do have to work hard to change it.”

With regard to comments made by GCHQ Director Robert Hannigan that tech companies should do more to fight terrorism, Labour MEP Claude Moraes said it was, “outrageous for a civil servant to be making those statements”. He added: “I want our politicians in the run up to the General Election to have a mature debate ... rather than a positioning debate.”

ORG is calling for an end to the blanket surveillance of our personal communications and new legislation that would make the security services accountable to Parliament.

ORGCon is ORG's annual conference where high profile writers, speakers and activists give their insights into the big issues affecting civil liberties and the Internet. The event was attended by over 450 people and took place over two days in London.

Open Rights Group exists to preserve and promote your rights in the digital age. We are funded by thousands of people like you. We are based in London, United Kingdom. Open Rights is a non-profit company limited by Guarantee, registered in England and Wales no. 05581537.